I have a whitelisted Twitter app that can request and receive email address of a twitter account when the owner of the account accepts and logs in through my app.
Now, I plan to connect it to my already available “Sign-up/Login by email” flow seamlessly.
The problem is, logged in Twitter user may not have verified their email account. In that case they can hijack a user on my system who signed-up with that email.
Therefore, I have to be sure that they have verified their email address. Otherwise I have to automatically send a confirmation link to the email address of the just-signed-in twitter user.
Is there any way to detect if the user confirmed their email address on Twitter? If not, what is the general solution to this problem? At least, how do you solve it for yourselves?